WordPress Trashed Posts Information Disclosure Vulnerability Network Vulnerability

Summary

WordPress is prone to an information-disclosure vulnerability because it fails to properly restrict access to trashed posts. An attacker can exploit this vulnerability to view other authors' trashed posts, which may aid in further attacks. Versions prior to WordPress 2.9.2 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://tmacuk.co.uk/?p=180
http://wordpress.org/
http://wordpress.org/development/2010/02/wordpress-2-9-2/
http://www.securityfocus.com/bid/38368

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0682
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:P/I:N/A:N

Related Vulnerabilities

@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Apache Solr Directory Traversal Vulnerability Jan-14
Apache Tomcat NIO Connector Denial of Service Vulnerability
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities

Take action and discover your vulnerabilities